Sunday, February 21, 2010

DNSmap v0.30 released

Passive DNS network mapper a.k.a. subdomains bruteforcer

For those who have never used dnsmap, dnsmap is a command line tool originally released in 2006 which helps discover target subdomains and IP ranges during the initial stages of an infrastructure pentest. dnsmap is a passive(ish) discovery tool meant to be used before an actual active attack. It’s an alternative to other discovery techniques such as whois lookups, scanning large IP ranges, etc. Run dnsmap and you should be able to spot netblocks of a target organization in a relatively short period of time.

dnsmap is open source and is known to work on Linux, FreeBSD and Windows using Cygwin, although it has mostly been tested on Linux.

New features included:

- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make dnsmap compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) is reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to “same site” scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to bruteforce wildcard-enabled domains
- unique filename containing timestamp is now created when no specific output filename is supplied by the user
- various minor bugs fixed
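Three of the features above (wildcard handling, the -i ignore list, and reporting of RFC 1918 addresses) are easiest to understand as one piece of logic, so here is an added example that shows how they fit together. This is illustrative code written for this post, not dnsmap's own source: `make_resolver`, `detect_wildcard`, `map_subdomains` and the `example.test` zone data are all constructed here, and the resolver is an offline stand-in for a real DNS lookup so the block runs without network access.

```python
import ipaddress
import secrets
from typing import Callable, Dict, Iterable, List, Optional

# RFC 1918 private ranges, stated explicitly rather than via ipaddress.is_private(),
# which also matches documentation (192.0.2.0/24) and other special-use space.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

Resolver = Callable[[str], List[str]]


def is_rfc1918(ip: str) -> bool:
    """True if the address falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918_NETS)


def make_resolver(answers: Dict[str, List[str]],
                  wildcard_ips: Optional[List[str]] = None) -> Resolver:
    """Offline stand-in for a DNS lookup (hypothetical helper, constructed data).

    Names present in `answers` resolve to their listed addresses; every other
    name resolves to `wildcard_ips` (a wildcard-enabled zone) or to nothing.
    """
    def resolve(name: str) -> List[str]:
        if name in answers:
            return list(answers[name])
        return list(wildcard_ips or [])
    return resolve


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> set:
    """Resolve a few random labels nobody would have created.

    If all of them answer, the zone has a wildcard record; the addresses the
    probes share form the wildcard answer set, which is filtered from results.
    """
    common = None
    for _ in range(probes):
        label = secrets.token_hex(8)  # 16 random hex characters
        ips = set(resolve(f"{label}.{domain}"))
        if not ips:
            return set()  # a probe got NXDOMAIN, so no wildcard
        common = ips if common is None else common & ips
    return common or set()


def map_subdomains(domain: str, wordlist: Iterable[str], resolve: Resolver,
                   ignore_ips: Iterable[str] = ()) -> Dict[str, object]:
    """Resolve each candidate label and classify the answers.

    found    -> {name: [ips]} answers that are neither wildcard nor user-ignored
    rfc1918  -> {name: [ips]} subset exposing RFC 1918 addresses in public DNS
    wildcard -> the wildcard answer set (empty when the zone has none)
    """
    wildcard = detect_wildcard(domain, resolve)
    ignored = set(ignore_ips) | wildcard
    found: Dict[str, List[str]] = {}
    leaks: Dict[str, List[str]] = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ips = [ip for ip in resolve(name) if ip not in ignored]
        if not ips:
            continue  # NXDOMAIN, wildcard-only, or an ignored (-i style) address
        found[name] = ips
        private = [ip for ip in ips if is_rfc1918(ip)]
        if private:
            leaks[name] = private
    return {"found": found, "rfc1918": leaks, "wildcard": wildcard}


# Constructed sample zone (not real DNS data). 192.0.2.x, 198.51.100.x and
# 203.0.113.x are documentation ranges; 10.1.2.3 and 172.16.0.4 are the leaks.
SAMPLE_ANSWERS = {
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.25"],
    "intranet.example.test": ["10.1.2.3"],
    "vpn.example.test": ["172.16.0.4", "192.0.2.40"],
    "cdn.example.test": ["203.0.113.7"],  # known false positive, ignored below
}
SAMPLE_WORDLIST = ["www", "mail", "intranet", "vpn", "cdn", "dev", "ftp"]


def run_sample(wildcard: bool = True) -> Dict[str, object]:
    """Run the mapper over the constructed zone, with or without a wildcard."""
    resolve = make_resolver(SAMPLE_ANSWERS, ["198.51.100.99"] if wildcard else None)
    return map_subdomains("example.test", SAMPLE_WORDLIST, resolve,
                          ignore_ips=["203.0.113.7"])


if __name__ == "__main__":
    result = run_sample()
    print("wildcard answer set:", sorted(result["wildcard"]))
    for name, ips in result["found"].items():
        flag = "  <-- RFC 1918 address in public DNS" if name in result["rfc1918"] else ""
        print(f"{name}: {', '.join(ips)}{flag}")
```

The wildcard probe is what keeps a wildcard-enabled zone from turning every word in the list into a "hit": only answers that differ from the wildcard set are kept. Run against a zone you administer, the `rfc1918` bucket is the useful part: any internal address showing up in public DNS is an information leak worth cleaning up, and the ignore list lets you suppress parked or CDN addresses that would otherwise clutter the output.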